HIPAA Simplified

So here is the challenge: Is it possible to make HIPAA easier to understand, while remaining legal and HIPAA compliant? To create this easy HIPAA, we used the following seven strategies.

#1 Limited Scope

The first easy-HIPAA strategy is to limit the scope. In hard-HIPAA, they try to cover the whole healthcare industry but just end up confusing everybody. In easy-HIPAA, we focus on small clinics. This app is NOT for health insurance companies and is NOT for big hospital chains. The HIPAA Lifeguard app is just for small clinics.

#2 Focus on the Important Stuff

The second easy-HIPAA strategy is to focus on the important parts of HIPAA - the stuff that leads to big HIPAA fines. In hard-HIPAA, they insist on memorizing everything including famous dates in HIPAA history. The hard-HIPAA certification tests ask: "In what year was the HIPAA Omnibus Rule signed into law?" Does that really matter!? In easy-HIPAA, we focus on what the HIPAA Police focus on - securing patient data (also known as PHI or Protected Health Information).

#3 Better Examples

The third easy-HIPAA strategy is to provide better examples - more colorful examples. In hard-HIPAA, they have more officers than the Army: Privacy Officer, Security Officer, Compliance Officer, and HIPAA Officer. Do they really expect us to remember the difference between the Privacy Officer and the Security Officer? In easy-HIPAA, we use just one title: HIPAA Lifeguard. Every small clinic assigns one person to be the HIPAA Lifeguard.

#4 Do-It-Yourself

The fourth easy-HIPAA strategy is to make HIPAA do-it-yourself. In hard-HIPAA, they require hiring expensive lawyers and consultants who stampede through the clinic, disrupting workflows. Easy-HIPAA is do-it-yourself. The app walks you through the six tasks with how-to videos.

#5 Mobile App

The fifth easy-HIPAA strategy is to use your cellphone. In hard-HIPAA, they still use the DOS command prompt from the 1980s. In easy-HIPAA, everything can be done with just a cellphone. The app is designed and built specifically for cellphone screens.

#6 Simple Tasks

The sixth easy-HIPAA strategy is to customize and simplify the risk assessment. In hard-HIPAA, their 340-page risk assessment has an 'addressable' decision tree that confuses chess grandmasters. In easy-HIPAA, we have six tasks that are straightforward.

#7 PHI Hotspots

The seventh easy-HIPAA strategy is to simplify Protected Health Information (PHI). In hard-HIPAA, electronic-PHI (ePHI) is somehow different from other PHI. In hard-HIPAA, they are still not sure if an X-ray is PHI, ePHI, or not-PHI. In easy-HIPAA, we condense all PHI into a list of PHI Hotspots. Everybody in your clinic will know these PHI Hotspots - there will be no doubts about PHI.

The most important output of the app is the clinic's customized list of PHI Hotspots.

ClinicNerds developed this HIPAA Lifeguard App using the above strategies. (To be clear, ClinicNerds is the company name - the product is the HIPAA Lifeguard App.)

Why Lifeguard?

At the beach and pool, a lifeguard watches over and protects the swimmers. At the clinic, the HIPAA Lifeguard watches over and secures the PHI Hotspots.

The clinic owners designate a person (e.g. Office Manager) to be the HIPAA Lifeguard. The HIPAA Lifeguard will be the person using the HIPAA Lifeguard app.

Every small clinic has a few dozen PHI Hotspots. The six tasks in this app reveal your PHI Hotspots. If any PHI Hotspot is lost, stolen, or hacked, it is a PHI breach that should be reported to the HIPAA Police.

This app helps the HIPAA Lifeguard manage the clinic's PHI Hotspots. Every employee will be trained to know the clinic's PHI Hotspots. If the clinic buys a new computer, the HIPAA Lifeguard will add it to the PHI Hotspots.

Some Common PHI Hotspots
» File cabinet with medical records
» Prescriptions on a fax machine
» Computer spreadsheet with patient addresses
» Cellphone with access to clinic email
» Nearly all computers

In easy-HIPAA, we reduce it down to a few ideas:

  • Does the clinic have a HIPAA Notebook?
  • Who is the clinic's HIPAA Lifeguard?
  • Do you have a list of the clinic's PHI Hotspots?
  • What are the clinic's policies and procedures for securing the PHI Hotspots?

Healthcare is hard enough. There are already a million daily headaches in a clinic. Let's not make it any harder than it needs to be. Simple words and simple concepts are more likely to be understood by your employees. Lifeguards and hotspots are deliberately simple words and concepts.

